I have a CakePHP website with its own login system. In the same server (but different folder), I have a WordPress blog. A user that is already logged in the CakePHP website can click a link that takes him to the WP blog and logs him into the blog at the same time. All this works perfectly.
The problem comes when going back to the original CakePHP website. If I place a link in the blog pinting to the website and the user clicks it, he is taken to the website, but his session there is lost, meaning that he has to log in again.
Is there any way to prevent that from happening? Shouldn’t the session be still valid even if the user leaves the website? It’s not that it expires, I have it set to 30 min.
This also happens even if the user doesn’t access the blog via the link in the website. If I log into the website, then open a new tab and enter the blog (without even logging in), and click the link to the website, the session in the website is lost. Well, there’s a new session actually (I’ve been printing the session id and it changes).
Any ideas on how to keep the session open would be useful.
Also, just in case, here’s the script that I use to log in a user from the website into the blog:
$sid = $_GET['sid'];
session_id($sid);
session_start();
if (isset($_SESSION['Auth']['User']['username'])) {
require('../blog/wp-blog-header.php'); //includes wordpress functions
$username = $_SESSION['Auth']['User']['username'];
$user = get_userdatabylogin($username);
wp_set_current_user($user->ID);
wp_set_auth_cookie( $user->ID );
}
header("Location: http://myblog.com/"); //Redirect user to the blog
Check your Security level. In some cases, it does a check on the ‘referer’ site. If you are coming from a WP blog, it might have a fit about that. That is what I am assuming is happening since it is generating a new session id.